If utilities are forced to pull suspect components from the grid then the cost implications could be significant, according to Tobias Whitney, vice president of energy security solutions at Fortress Information Security. The average utility could spend $9 million up front to address the order and over $1.2 million per year to maintain a...

Utilities are working hard to keep hackers out of their networks, but intrusions do occur. FERC and NERC's new report focuses on common elements found among effective Incident Response and Recovery (IRR) plans.

The energy industry faces an increasing threat from financially-motivated hackers. Experts say more companies are paying, and ransoms are rising.

"The rate of change in technology and cybersecurity is quicker than what we can keep up with from a regulatory perspective," Tobias Whitney, vice president of energy security solutions at Fortress Information Security, told Utility Dive.

Cybereason's honeypot operation — in which hackers are lured to break into a fake ICS network to study their methods — revealed increasingly targeted tactics and resulted in a dire warning for the electric sector and critical infrastructure more broadly.

In May, President Donald Trump issued an executive order blocking the installation of bulk power system (BPS) equipment sourced from adversaries of the United States. Grid security is a major concern, but experts say the White House order is vague — and the process to translate it into enforceable regulations could stretch into next year.